Towson U., National Federation of the Blind re-invent CAPTCHA
Researchers at Towson University and the National Federation of the Blind, based here in Baltimore, have come up with a new and more accessible twist on the CAPTCHA services -- you know, those squiggly, hard-to-read letters we humans are forced to enter in a Web application to verify that we're human and not malicious bots.
CAPTCHA technology has been around for more than 10 years and its history has been a sort of arms race between security geeks and hackers. New types of CAPTCHAs are devised, but hackers can write programs that can "read" the letters and numbers. Meanwhile, people with disabilities can struggle with trying to get past the CAPTCHA security, because they have trouble seeing or hearing the CAPTCHA codes.
Computer viruses have an easier time than people with disabilities in getting past some CAPTCHA systems, according to Towson professor Jonathan Lazar, who worked on the new system with the NFB.
"Unfortunately what happens is it becomes very often not a test of if you're human, but a test of whether you can see," Lazar said. "Basically, computer viruses are twice as successful as blind people on the old captchas. It's a problem, and that's why we've been working on building this."
Here's how the Towson system works: The user is presented with both a picture and a sound of an easy-to-identify object. In the case above, we see birds, drums, lion.
Corresponding sounds for each object are then played for the user, who types in what she hears. Lazar said their algorithms can accept variations of the user input, such as plurals, i.e. bird/birds, drum/drums, lion/lions. This type of security approach works because humans are still far better than computers at recognizing sounds and putting names to them, according to Lazar.
The Towson researchers recently filed a patent application for their system, which they call HIPUU (Human Interacting Proof Universally Usable).
Who knows -- maybe sometime soon this will become the new standard.
Comments
The visual component to HIPUU reminds me of a kitten-based CAPTCHA concept that created some buzz back in 2006. Users were prompted to click on three photos of kittens to prove they were human. Ars Technica has an article on it here: http://bit.ly/ZFpZT
KittenAuth's glaring omission was audio verification for visually-impaired users, something HIPUU seems to do nicely.
But couldn't they have come up with a better acronym?
Irony alert: Upon my first attempt to post this comment, I failed the reCAPTCHA test.
Posted by: Gavin | November 18, 2009 8:48 AM
C.C. Gavin,
Actually, I'm pretty sure Professor Lazar and his team chose the acronym "HIPUU" on purpose. It rolls off the tongue and is easy to remember.
If you come up with something you think works better, we'd be open to suggestions!
Stu Zang
Media Relations Specialist
Towson University
Posted by: Stu | November 18, 2009 9:37 AM
Excellent!
However, why not just use a recording of someone saying the word "lion" instead of a roar? Not to be nit-picky, but I could imagine scenarios where someone would type in answers the developers haven't thought of (drum, drums...to...beat, music, hip-hop, rhythm, etc.). Maybe that's a stretch, but is there a reason the audio recording doesn't just speak the word?
Posted by: Dave | November 18, 2009 1:10 PM
Thanks for your interest in our HIPUU tool!
Speech recognition is a tool used by hackers for automated attacks, and is very good at understanding spoken words. So, if the HIPUU application just spoke the word "lion" in synthesized speech, it wouldn't be very secure. The existing audio CAPTCHAs use a high level of distortion in the speech synthesis, which makes them very hard to use. It's much harder for a computer to recognize a sound of a lion (or the corresponding picture of a lion), but it's easier for humans. The purpose of a HIP is to prevent against automated attacks, where, say, 10,000 e-mail accounts are created in a minute.
As for the issue about drum, drums, drumming, we have already included a feature that identifies related words and commonly used synonyms.
Dr. Jonathan Lazar
Dept. of Computer and Information Sciences
Towson University
Thank you for clearing that up! -gs
Posted by: Jonathan | November 18, 2009 3:39 PM
Is this currently available for use on websites? If so, where would one go to get it?
No, it's not available yet (good question). They're still developing it and a public demo isn't available yet. -gs
Posted by: Lisa | November 18, 2009 3:59 PM
Thank you for everyone's interest in HIPUU. I am very excited about this project, and hope that we can get a version online soon so that everyone can interact with it.
Thank you
Graig
Posted by: Graig | November 18, 2009 7:58 PM
Sounds exciting. Unfortunately, it is still not accessible to people who are deafblind, or who have both visual and hearing disabilities. At least, this is my impression. I would be happy to be proven wrong.
Posted by: Angie | November 19, 2009 2:43 PM
I don't understand how this would work for deaf or blind people. Better stick with basic logic questions such as "Is fire hot or cold?". There are many other ideas too for fighting form spam such as: ensuring the form is posted from your server; and detecting content within a hidden form element. For more, go to my web site and search for CAPTCHA or go directly to: http://webaxe.blogspot.com/2009/05/captcha-alternatives-and-articles.html
Posted by: Web Axe | November 25, 2009 7:24 PM
I haven't seen this captcha service anywhere, but wouldn't it be possible for a network of people to effectively copy the picture database?
Posted by: James | March 27, 2010 10:48 PM
Excellent!
However, why not just use a recording of someone saying the word "lion" instead of a roar? Not to be nit-picky, but I could imagine scenarios where someone would type in answers the developers haven't thought of (drum, drums...to...beat, music, hip-hop, rhythm, etc.). Maybe that's a stretch, but is there a reason the audio recording doesn't just speak the word?
Yes, I agree with you.
thanks
osman
Posted by: osman nagihan | July 2, 2010 4:57 AM